feat: add view to change current user password

2024-08-05 11:45:00 -05:00 · 2024-08-05 11:45:00 -05:00 · a2ba88ca8f
commit a2ba88ca8f
parent 70d13ee1e7
13 changed files with 259 additions and 7 deletions
--- a/tests/views/test_auth.py
+++ b/tests/views/test_auth.py
@ -70,3 +70,75 @@ class TestAuthView(TestCase):
        redirect = view.logout()
        self.request.session.delete.assert_called_once_with()
        self.assertIsInstance(redirect, HTTPFound)
+
+    def test_change_password(self):
+        view = mod.AuthView(self.request)
+        auth = self.app.get_auth_handler()
+
+        # unauthenticated user is redirected
+        redirect = view.change_password()
+        self.assertIsInstance(redirect, HTTPFound)
+
+        # now "login" the user, and set initial password
+        self.request.user = self.user
+        auth.set_user_password(self.user, 'foo')
+        self.session.commit()
+
+        # view should now return context w/ form
+        context = view.change_password()
+        self.assertIn('form', context)
+
+        # submit valid form, ensure password is changed
+        # (nb. this also would redirect user to home page)
+        self.request.method = 'POST'
+        self.request.POST = {
+            'current_password': 'foo',
+            # nb. new_password requires colander mapping structure
+            '__start__': 'new_password:mapping',
+            'new_password': 'bar',
+            'new_password-confirm': 'bar',
+            '__end__': 'new_password:mapping',
+        }
+        redirect = view.change_password()
+        self.assertIsInstance(redirect, HTTPFound)
+        self.session.commit()
+        self.session.refresh(self.user)
+        self.assertFalse(auth.check_user_password(self.user, 'foo'))
+        self.assertTrue(auth.check_user_password(self.user, 'bar'))
+
+        # at this point 'foo' is the password, now let's submit some
+        # invalid forms and make sure we get back a context w/ form
+
+        # first try empty data
+        self.request.POST = {}
+        context = view.change_password()
+        self.assertIn('form', context)
+        dform = context['form'].get_deform()
+        self.assertEqual(dform['current_password'].errormsg, "Required")
+        self.assertEqual(dform['new_password'].errormsg, "Required")
+
+        # now try bad current password
+        self.request.POST = {
+            'current_password': 'blahblah',
+            '__start__': 'new_password:mapping',
+            'new_password': 'baz',
+            'new_password-confirm': 'baz',
+            '__end__': 'new_password:mapping',
+        }
+        context = view.change_password()
+        self.assertIn('form', context)
+        dform = context['form'].get_deform()
+        self.assertEqual(dform['current_password'].errormsg, "Current password is incorrect.")
+
+        # now try bad new password
+        self.request.POST = {
+            'current_password': 'bar',
+            '__start__': 'new_password:mapping',
+            'new_password': 'bar',
+            'new_password-confirm': 'bar',
+            '__end__': 'new_password:mapping',
+        }
+        context = view.change_password()
+        self.assertIn('form', context)
+        dform = context['form'].get_deform()
+        self.assertEqual(dform['new_password'].errormsg, "New password must be different from old password.")